The invention relates to a computer-implemented system and method for management of software application issues such as software application vulnerabilities or software quality. The method may comprise the steps of receiving software vulnerability data from a plurality of vulnerability scanning systems; automatically generating a unique vulnerability ID for a vulnerability using a plurality of attributes of the vulnerability; comparing a current load of vulnerability data with a previous load of vulnerability data and generating a table of deltas; grouping vulnerabilities into a group that can be managed and remediated on a group basis as a unit of work rather than individually; and automatically generating entries in a developer task tracking system for each vulnerability group or individual vulnerability for resolution.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An application vulnerability management system comprising: a memory; and a computer processor that is programmed to: receive via a network software vulnerability data from a plurality of vulnerability scanning systems, wherein the software vulnerability data identifies a plurality of software vulnerabilities in a software application; automatically generate and store in the memory a unique vulnerability ID for a software vulnerability in the software application, using a plurality of attributes of the software vulnerability; automatically compare a current load of software vulnerability data with a previous load of software vulnerability data using the computer processor and the unique vulnerability ID and automatically generate and store a table of deltas in the memory; group a plurality of software vulnerabilities into a group that can be remediated by performing a unit of work on a group basis rather than individually remediating each software vulnerability; generate a consolidated view of the plurality of software vulnerabilities, based in part on the table of deltas, and present the consolidated view to a user through a user interface, wherein the consolidated view identifies one or more groups of software vulnerabilities; enable the user, through the user interface, to select one or more of the groups of software vulnerabilities for association with a future release of the software application; and transmit via the network the selected one or more groups of software vulnerabilities to a developer task tracking tool for remediation prior to release, such that a group of software vulnerabilities can be remediated on a group basis rather than individually.
2. The system of claim 1, wherein the user interface is also designed to allow the user to select individual software vulnerabilities for association with a future release of the software application.
3. The system of claim 1, wherein the computer processor is programmed to store in the table of deltas an indication of whether the delta is a new software vulnerability found in the current load, the absence of a software vulnerability found in a previous load, or a modified software vulnerability.
4. The system of claim 1, wherein the computer processor is programmed to generate the vulnerability ID using a vulnerability type, a file name, a line number and a hash algorithm.
5. The system of claim 1, wherein the computer processor is programmed to: enable a user, via the user interface, to review software vulnerabilities that dropped from a previous load of software vulnerability data, and to mark them as closed; and automatically trigger an action to close a corresponding entry in the developer task tracking tool.
6. The system of claim 1, wherein the computer processor is programmed to: enable a user, with the user interface, to declare a group of software vulnerabilities or an individual vulnerability as a false positive, and to enter a justification; and automatically initiate a review and approval workflow using the developer task tracking tool.
7. The system of claim 1, wherein the computer processor is programmed to transmit via the network the selected one or more groups of software vulnerabilities to the developer task tracking tool for remediation using message queuing to communicate asynchronously with the developer task tracking tool.
8. The system of claim 1, wherein the computer processor is programmed to enable a user, via a user interface, to select individual software vulnerabilities for inclusion in the group of software vulnerabilities.
9. The system of claim 1, wherein the computer processor is programmed to receive software vulnerability data that further identifies software vulnerability categories and software vulnerability locations for the software vulnerabilities.
10. A computer-implemented method for software vulnerability management, the method comprising: receiving via a network software vulnerability data from a plurality of vulnerability scanning systems, wherein the software vulnerability data identifies a plurality of software vulnerabilities in a software application; automatically generating and storing in a database a unique vulnerability ID for a software vulnerability in the software application, using a plurality of attributes of the software vulnerability; automatically comparing a current load of software vulnerability data with a previous load of software vulnerability data using a computer processor and the unique vulnerability ID and generating and storing a table of deltas in the database; grouping a plurality of software vulnerabilities into a group that can be remediated by performing a unit of work on a group basis rather than individually remediating each software vulnerability; generating a consolidated view of the plurality of software vulnerabilities, based in part on the table of deltas, and presenting the consolidated view to a user through a user interface, wherein the consolidated view identifies one or more groups of software vulnerabilities; enabling the user, through the user interface, to select one or more of the groups of software vulnerabilities for association with a future release of the software application; and transmitting via the network the selected one or more groups of software vulnerabilities to a developer task tracking tool for remediation prior to release, such that a group of software vulnerabilities can be remediated on a group basis rather than individually.
11. The method of claim 10, wherein the user interface also allows the user to select individual software vulnerabilities for association with a future release of the software application.
12. The method of claim 10, wherein the table of deltas indicates whether the delta is a new software vulnerability found in the current load, the absence of a software vulnerability found in a previous load, or a modified software vulnerability.
13. The method of claim 10, wherein the vulnerability ID is generated using a vulnerability type, a file name, a line number and a hash algorithm.
14. The method of claim 10, further comprising: enabling a user, with the user interface, to review software vulnerabilities that dropped from a previous load of software vulnerability data, and to mark them as closed; and automatically triggering an action to close a corresponding entry in the developer task tracking tool.
15. The method of claim 10, further comprising: enabling a user, with the user interface, to declare a group of software vulnerabilities or an individual vulnerability as a false positive, and to enter a justification; and automatically initiating a review and approval workflow using the developer task tracking tool.
16. The method of claim 10, wherein the step of transmitting via the network the selected one or more groups of software vulnerabilities to the developer task tracking tool for remediation comprises using message queuing to communicate asynchronously with the developer task tracking tool.
17. The method of claim 10, wherein the step of grouping a plurality of software vulnerabilities into a group comprises enabling a user, via a user interface, to select individual software vulnerabilities for inclusion in the group.
18. The method of claim 10, wherein the software vulnerability data further identifies software vulnerability categories and software vulnerability locations for the software vulnerabilities.
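The core of claims 3, 4, 12 and 13 is a deterministic fingerprint for each finding and a load-over-load comparison keyed on that fingerprint. The following Python is an added worked example written for this page; it is not code from the patent or its assignee. The `Finding` record shape, the two scanner loads, the choice of SHA-256 as the hash algorithm, the use of severity as the attribute that marks a delta as "modified", grouping by vulnerability type, and the task-tracker payload produced by `work_items` are all assumptions made for illustration; the claims only specify type, file name, line number and "a hash algorithm".

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    """One finding normalised from a scanner feed (constructed shape, not the patent's schema)."""
    scanner: str
    vuln_type: str
    file_name: str
    line: int
    severity: str


def vuln_id(f: Finding) -> str:
    """Unique vulnerability ID in the sense of claims 4/13: hash of type, file name and line.

    SHA-256 is an assumption (the claims say only 'a hash algorithm'). Scanner name and
    severity are deliberately left out of the hash so the same flaw reported by two
    scanners, or re-rated between loads, keeps a single ID and is not double-counted.
    """
    material = f"{f.vuln_type}|{f.file_name}|{f.line}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()[:16]


def index_load(load: List[Finding]) -> Dict[str, Finding]:
    """Key a load by vulnerability ID; a duplicate from a second scanner keeps the first record."""
    indexed: Dict[str, Finding] = {}
    for f in load:
        indexed.setdefault(vuln_id(f), f)
    return indexed


def compute_deltas(previous: List[Finding], current: List[Finding]) -> List[dict]:
    """Table of deltas in the sense of claims 3/12: each row is new, modified or absent."""
    prev, curr = index_load(previous), index_load(current)
    deltas: List[dict] = []
    for vid, f in curr.items():
        if vid not in prev:
            deltas.append({"id": vid, "status": "new", "finding": f})
        elif prev[vid].severity != f.severity:  # same ID, changed attribute (assumed: severity)
            deltas.append({"id": vid, "status": "modified", "finding": f})
    for vid, f in prev.items():
        if vid not in curr:  # present last load, gone now: candidate for "mark closed" (claims 5/14)
            deltas.append({"id": vid, "status": "absent", "finding": f})
    return deltas


def delta_counts(deltas: List[dict]) -> Dict[str, int]:
    """Summary line for the consolidated view."""
    counts = {"new": 0, "modified": 0, "absent": 0}
    for d in deltas:
        counts[d["status"]] += 1
    return counts


def group_by_type(load: List[Finding]) -> Dict[str, List[str]]:
    """Group IDs by vulnerability type so one unit of work (e.g. one shared encoder) closes the group."""
    groups: Dict[str, List[str]] = {}
    for vid, f in index_load(load).items():
        groups.setdefault(f.vuln_type, []).append(vid)
    return groups


def work_items(groups: Dict[str, List[str]], release: str) -> List[dict]:
    """One task-tracker entry per group tied to a release (hypothetical payload shape)."""
    return [
        {"title": f"[{release}] Remediate {len(ids)} {vtype} finding(s)",
         "vuln_ids": sorted(ids), "release": release}
        for vtype, ids in groups.items()
    ]


# Constructed sample loads: the previous scan and the current scan of the same application.
PREVIOUS_LOAD = [
    Finding("sast-a", "SQL Injection", "src/db.py", 42, "High"),
    Finding("sast-a", "XSS", "src/web.py", 10, "Medium"),
    Finding("sast-b", "Hardcoded Credential", "src/cfg.py", 7, "High"),
]
CURRENT_LOAD = [
    Finding("sast-a", "SQL Injection", "src/db.py", 42, "Critical"),  # re-rated: modified
    Finding("sast-a", "XSS", "src/web.py", 10, "Medium"),             # unchanged
    Finding("sast-b", "XSS", "src/admin.py", 31, "Medium"),           # new this load
]                                                                     # credential finding: absent

if __name__ == "__main__":
    deltas = compute_deltas(PREVIOUS_LOAD, CURRENT_LOAD)
    for d in deltas:
        print(f"{d['id']}  {d['status']:<9} {d['finding'].vuln_type} {d['finding'].file_name}:{d['finding'].line}")
    print(delta_counts(deltas))
    for item in work_items(group_by_type(CURRENT_LOAD), "release-2.4.0"):
        print(item["title"], item["vuln_ids"])
```

One design caveat worth noting when hashing on line number, as the claims do: an unrelated edit above a finding shifts its line, so the old ID shows up as "absent" and the same flaw reappears as "new". A practitioner would typically also keep a secondary match on a normalised code snippet or enclosing function so that churn does not reopen tickets, and would treat the "absent" rows as candidates for closure to be confirmed rather than auto-closed.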
November 17, 2017
March 3, 2020